git.ipfire.org Git - thirdparty/grub.git/commit
efi: Move the shim_lock verifier to the GRUB core
author Marco A Benatto <mbenatto@redhat.com>
Wed, 23 Sep 2020 18:21:14 +0000 (14:21 -0400)
committer Daniel Kiper <daniel.kiper@oracle.com>
Tue, 2 Mar 2021 14:54:15 +0000 (15:54 +0100)
commit 5e280caa6530ed160dcf2920c94f1605fb1f1f7c
tree 438e9e4e2ff9f0401b6b4f03804e5b11cad61518
parent 9e95f45ceeef36fcf93cbfffcf004276883dbc99

Move the shim_lock verifier from its own module into the core image. The
Secure Boot lockdown mechanism has the intent to prevent the load of any
unsigned code or binary when Secure Boot is enabled.

The reason is that GRUB must be able to prevent executing untrusted code
if UEFI Secure Boot is enabled, without depending on external modules.

Signed-off-by: Marco A Benatto <mbenatto@redhat.com>
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
docs/grub.texi
grub-core/Makefile.core.def
grub-core/commands/efi/shim_lock.c [deleted file]
grub-core/kern/efi/init.c
grub-core/kern/efi/sb.c
include/grub/efi/sb.h